How to Set Up an SFTP Server on Windows Server: Step-by-Step Guide

To set up an SFTP server on Windows Server, you can use OpenSSH, which is now included as an optional feature in recent versions of Windows Server (such as Windows Server 2019 and 2022). Here’s a step-by-step guide on how to do it:

Step 1: Install OpenSSH Server

  1. Open Windows Settings:

    • Press Windows Key + I to open the Settings window.
  2. Install OpenSSH Server:

    • Go to Apps > Optional Features > Add a Feature.
    • Scroll down or search for OpenSSH Server.
    • Click Install to install the OpenSSH Server feature.

    Alternatively, you can install OpenSSH via PowerShell:

    • Open PowerShell as Administrator.
    • Run the following command:
      powershell
      Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Step 2: Start and Configure the OpenSSH Server

  1. Start the OpenSSH Server:

    • After installation, you need to start the OpenSSH service.
    • Open PowerShell or Command Prompt as an administrator.
    • Run the following command to start the SSH server:
      powershell
      Start-Service sshd
  2. Set the SSH server to start automatically:

    • Run the following command to configure SSH to start automatically when the server boots:
      powershell
      Set-Service -Name sshd -StartupType 'Automatic'
  3. Check the Status of the Service:

    • To ensure that the SSH server is running correctly, run:
      powershell
      Get-Service -Name sshd
    • This will show the status of the sshd service.

Step 3: Allow SSH/SFTP through the Windows Firewall

  1. Allow SSH traffic through the firewall:

    • Run the following command in PowerShell to enable SSH connections through the firewall:
      powershell
      New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

    This allows inbound connections on port 22, which is the default port for SSH and SFTP.

Step 4: Configure User Access and Permissions

  1. Create a User Account for SFTP Access:

    • You can either use an existing user or create a new user specifically for SFTP.
    • To create a new user:
      powershell
      # Prompt for the password so it is not typed in clear text or saved in the PowerShell history
      New-LocalUser "sftpuser" -Password (Read-Host -AsSecureString -Prompt "Password for sftpuser")
      Add-LocalGroupMember -Group "Users" -Member "sftpuser"
  2. Assign Folder Permissions:

    • If you want to restrict the SFTP user to a specific directory, you need to set the appropriate NTFS permissions.
    • Create a folder (e.g., C:\SFTP) and set the appropriate permissions:
      • Right-click the folder > Properties > Security.
      • Click Edit, select the SFTP user, and provide necessary permissions (e.g., Read/Write).
  3. Configure SFTP Access:

    • OpenSSH by default does not restrict users to SFTP (it allows SSH access). To restrict users to SFTP and prevent SSH login, you need to modify the sshd_config file.
    • The configuration file is typically located in C:\ProgramData\ssh\sshd_config. Open it in a text editor (e.g., Notepad) as an administrator.
  4. Modify the sshd_config for SFTP-only Access:

    • Add the following lines at the end of the file to restrict the SFTP user to SFTP-only access (not full SSH shell access):

      bash
      Match User sftpuser
      ForceCommand internal-sftp
      PasswordAuthentication yes
      ChrootDirectory C:\SFTP
      AllowTcpForwarding no
      PermitTTY no
    • This configuration will:

      • Restrict the user sftpuser to only use SFTP and prevent access to a shell.
      • Force the user into the C:\SFTP directory upon login.
      • Disable TCP forwarding and TTY access.
  5. Restart the SSH Service:

    • After modifying the sshd_config, restart the SSH service to apply the changes:
      powershell
      Restart-Service sshd
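
A syntax error in sshd_config stops the sshd service from starting, and a Match block that does not apply leaves the user with a shell. The following script is an added example, not part of the original guide: it validates the file and checks the settings sshd would actually apply to sftpuser before restarting. It assumes the default OpenSSH install path under System32, an elevated session, and uses constructed host/addr values for the test.

```powershell
# Added example: validate sshd_config and confirm the effective settings for
# sftpuser before restarting the service. Run in an elevated PowerShell session.
$sshd   = Join-Path $env:WINDIR 'System32\OpenSSH\sshd.exe'   # assumed default install path
$config = Join-Path $env:ProgramData 'ssh\sshd_config'
$user   = 'sftpuser'                                          # account created in Step 4

# 1. Syntax check: sshd -t exits non-zero on an invalid configuration file.
& $sshd -t -f $config
if ($LASTEXITCODE -ne 0) { throw 'sshd_config failed validation; service not restarted.' }

# 2. Dump the configuration sshd would apply to this user (Match blocks resolved).
#    host and addr are constructed sample connection values for the test.
$effective = & $sshd -T -f $config -C "user=$user,host=localhost,addr=127.0.0.1"
if ($LASTEXITCODE -ne 0) { throw "Could not evaluate the effective configuration for $user." }

# 3. Compare against the values set in the Match block (sshd -T prints keys in lowercase).
$expected = [ordered]@{
    forcecommand       = 'internal-sftp'
    chrootdirectory    = 'C:\SFTP'
    allowtcpforwarding = 'no'
    permittty          = 'no'
}
$failures = foreach ($key in $expected.Keys) {
    $line   = $effective | Where-Object { $_ -match "^$key\s" } | Select-Object -First 1
    # Normalize slashes in case the path is printed with forward slashes.
    $actual = if ($line) { ($line -split '\s+', 2)[1].Trim().Replace('/', '\') } else { '<not set>' }
    if ($actual -ne $expected[$key]) { "$key is '$actual', expected '$($expected[$key])'" }
}
if ($failures) { throw ("Effective settings for {0} differ:`n{1}" -f $user, ($failures -join "`n")) }

# 4. Only now restart, then confirm the service came back up.
Restart-Service sshd
(Get-Service sshd).Status
```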

Step 5: Test SFTP Access

  • From a client machine, you can use an SFTP client (like WinSCP, FileZilla, or OpenSSH Client in Linux/macOS) to test the connection to the Windows Server:

    • Use the IP address or hostname of the server.
    • Log in with the username (sftpuser) and password.

    For example, in WinSCP, you would:

    1. Open WinSCP.
    2. Select SFTP as the protocol.
    3. Enter the server’s IP address, the sftpuser username, and the password.
    4. Click Login.

Troubleshooting

  • If you encounter issues, check the OpenSSH logs located in C:\ProgramData\ssh\logs for any errors or misconfigurations.
  • Ensure your firewall or security software isn’t blocking port 22.

This should set up a functional SFTP server on your Windows Server machine.
